keysafe - Debian packaging for Keysafe

	Commit message (Collapse)	Author	Age
*	fix bad patch in 6c289708280f721338a3f334196cf92f99ea2d14	Joey Hess	2017-04-03
\| \| \| \| \|	That did not compile it seems and seems I didn't test it either before applying. This should do the same thing.
*	fix indent	Joey Hess	2017-03-22
\|
*	one more instance of showBase16 removed.	Piyush P Kurur	2017-03-22
\|
*	Updated to use raaz-0.1.1.	Joey Hess	2017-03-03
\| \| \| \|	This commit was sponsored by John Peloquin on Patreon.
*	Removed dependency on crypto-random.	Joey Hess	2016-10-07
\| \| \| \| \| \| \| \|	Use raaz for random bytestring generation exclusively. It was already used in all important places, but chaffing was using crypto-random. Note that System.Random is used for delays during chaffing and by random-shuffle.
*	Reduce number of buckets in rate limiter, avoiding ones with very low proof ↵	Joey Hess	2016-09-14
\| \| \| \| \| \| \| \|	of work. This got out of whack when sections were converted to rationals; there were buckets that needed trivial proofs of work, and having these extra buckets increased the total possible throughput.
*	use less expensive hash for proof of work	Joey Hess	2016-09-13
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The server has to run the hash once to verify a request, so a hash that took 4 seconds could make the server do too much work if it's being flooded with requests. So, made the hash much less expensive. This required keeping track of fractional seconds. Actually, I used Rational for them, to avoid most rounding problems. That turned out nice. I've only tuned the proofOfWorkHashTunable on my fanless overheating laptop so far. It seems to be fairly reasonablly tuned though.
*	eliminate half the bloom filters, using HMAC to verify RequestIDs	Joey Hess	2016-09-13
\| \| \| \| \| \| \| \| \| \| \|	Simplifies code, uses less memory, and don't need to protect against flooding generation of RequestIDs, since the server does not store them at all. Note that the RequestIDSecret is only stored in ram, so restarting the server will invalidate any RequestIds given out before. It would be possible now to store that on disk to avoid that problem, but probably not worth it.
*	add proof of work to countobjects	Joey Hess	2016-09-12
\| \| \| \|	In this case, an empty string is hashed to generate the PoW.
*	implement client-server Proof Of Work	Joey Hess	2016-09-12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Mashed up a argon2-based PoW with token buckets and bloom filters. This is intended to prevent a few abuses including: * Using a keysafe server for general file storage, by storing a whole lot of chunks. * An attacker guessing names that people will use, and uploading junk to keysafe servers under those names, to make it harder for others to use keysafe later. * An attacker trying to guess the names used for objects on keysafe servers in order to download them and start password cracking. (As a second level of defense, since the name generation hash is expensive already.) Completely untested, but it builds! This commit was sponsored by Andreas on Patreon.
*	new module	Joey Hess	2016-09-12